Getting Started with ALTR & Snowflake
Configure ALTR's Snowflake Service User
Connect Snowflake Databases
Connect Columns to ALTR
Creating Policy & Manage Data
Column Access Policies
Row Access Policy
ALTR Driver JDBC Installation
ALTR Driver ODBC Installation
Configure Tableau to Gain User Level Observability
Integrating ALTR Notifications with AWS S3
TDS Proxy Installation
Custom Masking and Extensibility Functions
Bring Your Own Key for Vaulted Tokenization
In this guide you will learn how-to connect your Snowflake database with ALTR. This guide is helpful for users who connected their databases in the Snowflake Onboarding Wizard and are looking to connect additional databases on Snowflake Partner Connect.
In order to integrate ALTR with your Snowflake Account through Snowflake Partner Connect, ALTR needs a Snowflake 'Service User' with appropriate permissions to build and enforce governance policy. Here's how to configure ALTR’s Service User:
Although the service user and role already exist, additional permissions are required to build and enforce governance policy, such as access to your databases, dynamic data masking policies, and API integrations. ALTR automatically loads a stored procedure in PC_ALTR_DB that lets you update the service user permissions programmatically with a single command, as pictured above.
What permissions does ALTR need?
ALTR leverages Snowflake Dynamic Masking Policies and External Functions to integrate with Snowflake and implement data governance. ALTR needs access to your database in order to identify schema information, metadata, and warehouses to monitor query activity.
In this guide you will configure PC_ALTR_USER and PC_ALTR_ROLE to allow ALTR to properly integrate with your Snowflake account.
In a new worksheet under the 'Context' settings, set the following:
a. Role to ACCOUNTADMIN. If you cannot select ACCOUNTADMIN, ask your Snowflake Administrator for assistance.
b. Schema to PUBLIC.
c. ALTR provides a Snowflake procedure named SETUP_ALTR_SERVICE_ACCOUNT for service account configuration. To run this procedure in your Snowflake database, copy and paste the below statement into the Worksheet and press the 'Run' button.
d. Once you run the above call statement, you can return to ALTR. Refresh the 'Data Sources' in ALTR before you attempt to connect your Snowflake database.
Note: If you created a database after your initial account setup, you will need to run the above call statement in your Snowflake database to setup our service account.
Begin your database onboarding process by providing the following information into ALTR:
1. Go to Data Configuration > Data Sources > Add New
2. On the right side of the page use the Connect Data Source pane to add your Snowflake database, providing the following information:
· Data source Name: A nickname for your database
· Data source Type: ‘SnowflakeCloud Integration’
· Connection Type: ‘Snowflake Partner Connect’
· Source Hostname: YourSnowflake instance URL [Example: AAA000.snowflakecomputing.com]
· Select Snowflake Database: Your Snowflake database name
Optional: Select the 'Classify data' & 'Add data usage analytics' checkboxes to gain insights on your data.
3. Click 'Connect' once you complete the form.
4. Status will be updated to 'Connected' and the database will appear on the Data Source screen. If your credentials are invalid an error message will pop-up. Please try again, if the problem persists, please contact email@example.com.
Are you using a restrictive Snowflake Network Policy?
ALTR reaches out to Snowflake to configure governance policy and query metadata. If you have a Snowflake Network Policy with an IP whitelist, you need to add ALTR's IP addresses before connecting your database.
These IP addresses include:
After you whitelist these IP addresses, you can manually connect your Snowflake databases to ALTR. You can find instructions for that here.